STARTTLS and sp*m (was: Re: current usage of AAAA implicit MX?)

Tim tim-projects at sentinelchicken.org
Wed Apr 16 18:17:38 CEST 2008


> The above could be used to determine whether the sender used the MX to 
> find the host.  It may not be worth it if it doesn't catch that many 
> "bad" senders.  The idea is interesting.

Right, well the system as designed would prevent any access if they did
not at least query for the AAAA record before connecting to the host.
80 bits is enough to prevent offline cracking, let alone any kind of
online address guessing.  You could chain multiple of these together
with randomized MX values to ensure MX records were queried as well.

To summarize what I mentioned before, the next step is to connect the
DNS query event to the SMTP (or other) connection.  My thesis was
focused on using that information in spoofed attacks, since one normally
has no information about the true source of a spoofed packet.  Using
these cookies, at least you can have a rough idea as to what DNS
resolver they used to find you in the first place.

thanks,
tim
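
An added sketch of the correlation step described in the message above (not part of the original post, and not the author's code). It assumes the 80-bit cookie fills the low 80 bits of each AAAA answer under a /48 routed to the mail host, uses the documentation prefix 2001:db8:aa::/48, and the `CookieTable` class and its method names are hypothetical:

```python
import ipaddress
import secrets

# Assumed layout (not stated in the post): /48 prefix + 80-bit random cookie.
PREFIX = ipaddress.IPv6Network("2001:db8:aa::/48")  # documentation prefix
COOKIE_BITS = 80
COOKIE_MASK = (1 << COOKIE_BITS) - 1


class CookieTable:
    """Links each cookie address handed out in an AAAA answer to the resolver that asked."""

    def __init__(self, ttl=300):
        self.ttl = ttl          # seconds a cookie address stays valid
        self._issued = {}       # cookie (int) -> (resolver_ip, expiry)

    def answer_aaaa(self, resolver_ip, now):
        """Authoritative DNS side: mint a fresh address for this AAAA query."""
        cookie = secrets.randbits(COOKIE_BITS)
        self._issued[cookie] = (resolver_ip, now + self.ttl)
        return ipaddress.IPv6Address(int(PREFIX.network_address) | cookie)

    def resolver_for(self, dst_addr, now):
        """SMTP side: map the local destination address of an inbound
        connection back to the resolver. None means the address was never
        issued or has expired, i.e. the client did not query AAAA first."""
        addr = ipaddress.IPv6Address(dst_addr)
        if addr not in PREFIX:
            return None
        cookie = int(addr) & COOKIE_MASK
        entry = self._issued.get(cookie)
        if entry is None:
            return None
        resolver_ip, expiry = entry
        if now > expiry:
            del self._issued[cookie]
            return None
        return resolver_ip


if __name__ == "__main__":
    table = CookieTable()
    # Constructed sample: resolver 192.0.2.53 asks for the AAAA record at t=1000.
    addr = table.answer_aaaa("192.0.2.53", now=1000)
    print("AAAA answer:", addr)
    print("connection to it came via:", table.resolver_for(addr, now=1010))
    print("guessed address:", table.resolver_for("2001:db8:aa::25", now=1010))
```
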

